SEARCH BLOG

Keyword Search

Authors

Date Range

Categories

Retail Security: Squashing Cyber Threats

Retail success in a digital world depends on a strong marketing strategy and constant upgrades to the latest technologies. The newest in-store and online devices and applications provide customers with easy access to information, speedy checkouts, and convenience while providing management with remote access to operation controls. These technologies help your business stand out in a crowded marketplace, but they also provide threat actors with easy access to your environment and can impact the security of your organization.

Purchasing preferences and technology

There’s no question about it, retailers must keep innovating with technology and provide web-facing applications, mobile apps, and an online experience that engages shoppers. The 2017 UPS Pulse of the Online Shopper survey revealed that when researching products among multi-channel retailers, online access is preferred by 83% of shoppers. It also found that over the previous year, e-commerce grew 13% with a 45% increase reported for mobile retail spending.

Online shopping is not the only way retailers are innovating with technology. Heating, cooling, and overhead light systems may be connected to the Internet and controlled remotely. RFID identification chips, which have fallen in price from more than $1 to ten cents, are being used to count, track, and manage hundreds of products, allowing controllers to change the price of specified items remotely in an instant.

Virtual and augmented reality apps and mirrors are being used to simulate the way a customer would look in makeup, hair color, and clothes. In fact, according to Retail Perceptions, 40% of shoppers would be willing to pay more for a product if they could experience it through augmented reality, and 61% prefer to shop at stores that offer augmented reality over those that don’t.

In a February 2017 consumer survey by the International Council of Shopping Centers (ICSC), 41% of shoppers said they were interested in interactive shelves that provide product information. More than half said by 2020, they expect stores to give them the ability to see virtually how home furnishings and accessories will fit into their homes before making a purchase.

With the good comes the bad

While all these new technologies enhance customer experience, and increase business revenue, they can also be easily exploited by attackers.

A few examples include:

A hacker can listen for communication between an RFID tag and an RFID reader to intercept and manipulate the information to change prices.

The traffic that enables a user to imagine herself in your store clothing crosses your network, revealing details such as IP addresses, location, type of device, user permissions, and more.

Most manufacturers of IoT devices provide no updates or patches for vulnerabilities, so organizations must be diligent about quickly stopping attackers to limit damage.

In addition to ensuring proper security controls are in place for newer technologies, retailers must still contend with vulnerabilities arising from point-of-sale (POS) systems. POS threats are nothing new, and usually due to malware, skimmers or compromised machines that allow attackers to access customer credit card data as well as your network. When those attacks occur, you must be able to recognize and remediate them quickly to prevent or minimize damage.

Securing retail

Security needs to be delivered in a way that is fast and scalable to keep pace with today’s cyber threats.

Smaller companies typically have limited budgets and often lack security professionals who have the tools and knowledge to block and remediate threats. No matter where your latest technologies are housed – on premise, in the cloud, or a hybrid of the two – you must have insight into your data and devices, including your industrial IoT systems, to view the movement of an adversary within your environment. But, spotting your attacker is only the first step. You must also be able to provide immediate remediation, and that’s where most retail organizations fail.

One of the most cost-effective ways of obtaining visibility into all your technologies and securing any environment, is working with a trusted third-party security provider.

The emergence of security-as-a-service (SECaaS) enables comprehensive protection of your total environment with just a quick spin up from the cloud. You don’t have to buy and manage expensive equipment like a Security Incident Event Management (SIEM), intrusion detection/prevention systems (IDS/IPS), or endpoint detection and response tools. For retailers of all sizes, SECaaS can deliver the automatic protection, detection, and remediation your organization needs to reduce the cost and the burden of managing security and compliance.

Diana Massaro | Head of Marketing

Diana Massaro, who wields a healthy affinity for data and metrics-based strategy, leads Armor’s dynamic marketing team. With more than 24 years’ experience of delivering positivity, vision and management leadership to the private sector, her skills scale across a variety of disciplines, including large enterprise software and high-volume transaction models. Her previous roles have included: CEO & VP Marketing at Prodagio Software, VP of Marketing at Idera Software, VP of Marketing and Product Management at Datacert.

Related Blog Posts

Nov 152018

Tokenization + Security-as-a-Service, Part 2

John Noltensmeyer | Head of Global Privacy and Compliance Solutions, TokenEx In the last blog, we discussed the new GDPR standards, what they mean for organizations and individuals, and the ripple effect as other countries implement similar legislation. With so many governments beginning to take data protection more seriously, it’s important to understand the different […]

Nancy Free

Chief Compliance and Data Privacy Officer

Nancy Free, Armor's Chief Compliance and Data Privacy Officer, has over 20 years of IT experience, including IT governance, risk, compliance, and audit. She has spent over 15 years in the IT Security field leading IT and compliance teams in a variety of industries, including: energy, transportation, construction, mortgage lending, healthcare, and retail.

Post Tags

The first two stops on our roadshow are next week! We will be in Dallas on the 26th and Houston on the 28th. Register now to reserve your spot. You won't want to miss it! #compliance #cloud #AWS https://t.co/mzIFnPUAib

More than 80% of SMEs are planning to boost their security budget by 14% over the next year, while 89% say they've enhanced their security staff, appointing roles such as CISO, CSO and VP of infosecurity. Read more in this report by Armor and @451Research. https://t.co/Tcl7i0lLjf

Armor exists to protect. Each employee feels our passion, knows the vision and lives the company values. Diversity is key. Every role is important to Armor’s success. We volunteer our best every day and go to any length to ensure our customers are protected.